Exposure of Resource to Wrong Sphere in OpenClaw - #VU132748

 


Published: May 29, 2026


Vulnerability identifier: #VU132748
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-668
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: OpenClaw
Affected software: OpenClaw

Detailed vulnerability description

The vulnerability allows a remote user to disclose sensitive information.

The vulnerability exists due to exposure of a resource to the wrong sphere in sandboxed session spawn, when a sandboxed parent session is forwarded into a child session prompt. A remote user can cause a child session to inherit the real workspace path and thereby disclose sensitive information.

Only instances with the affected feature enabled and reachable are vulnerable.


Remediation

Install the security update from the vendor's website.
